Thanks Jason, that was exactly the issue! It's working now. On Wed, Apr 26, 2017 at 4:11 PM, Jason B. Nance <[email protected]> wrote: > Hi Chris, > >> # remoteu, sysaccounts, etc, example.com >> dn: uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com >> objectClass: account >> objectClass: simplesecurityobject >> objectClass: top >> uid: remoteu >> userPassword:: [hash value] >> >> This new user is unable to run LDAP searches though: >> ldapsearch -D 'cn=remoteu' -W -H ldap://ipa01.example.com -x uid=remoteu >> Enter LDAP Password: >> ldap_bind: Invalid credentials (49) > > Your DN (-D) is incorrect in your ldapsearch call. It needs to match the > part after the "dn:" string you provided in your query of the user above > (uid=remoteu,cn=sysaccounts,cn=etc,dc=example,dc=com). > > In some cases you can shorten the DN but only if your suffix/basedn is set > correctly for the client making the call. > > Regards, > > j
-- Chris Herdt UIS Systems Administrator [email protected] 612-301-2232 (office) 734-754-3585 (mobile) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
